Create Service Definitions
Panorama > VMware NSX > Service
Definitions
A service definition allows you to register the VM-Series firewall
as a partner security service on the NSX Manager. You can define
up to 32 service definitions on Panorama and synchronize them on
the NSX Manager.
Typically, you will create one service definition for each tenant
in an ESXi cluster. Each service definition specifies the OVF (PAN-OS
version) used to deploy the firewall and includes the configuration
for the VM-Series firewalls installed on the ESXi cluster. To specify
the configuration, a service definition must have a unique template,
a unique device group and the license auth-codes for the firewalls
that will be deployed using the service definition. When the firewall
is deployed, it connects to Panorama and receives both its configuration settings—including
the zone(s) for each tenant or department that the firewall will
secure—and its policy settings from the device group specified in
the service definition.
To add a new service definition, configure the settings as described
in the following table.
| Enter the name for the service you want
to display on the NSX Manager. |
| ( Optional ) Enter a label to describe
the purpose or function of this service definition. |
| Select the device group or device group
hierarchy to which these VM-Series firewalls will be assigned. For
details, see Panorama
> VMware NSX. |
| Select the template to which the VM-Series
firewalls will be assigned. For details, see Panorama
> Templates. Each service definition must be assigned
to a unique template or template stack. A template can have
multiple zones (NSX Service Profile Zones for NSX) associated with
it. For a single-tenant deployment, create one zone (NSX Service
Profile Zone) in the template. If you have a multi-tenant deployment,
create a zone for each sub-tenant. When you create a new NSX
Service Profile Zone, it is automatically attached to a pair of
virtual wire subinterfaces. For more information, see Network
> Zones. |
| Enter the URL (IP address or host name and
path) where the NSX Manager can access the OVF file to provision
new VM-Series firewalls. |
| Select a notify group from the drop-down. |